Re: VIRUS ALERT... the full story
- You do know I hope that there is a copy of this damned thing right
here in the group archives. Hopefully no one will accidentally open the
bloody thing. Is there any way we can delete it or is that something
that only our absentee admiral/moderator can do?
--- In Bolitho@y..., "James Goddard" <snapdragonxxx@h...> wrote:
> A destructive polymorphic binary virus/worm targeting Windows
> Computer Associates International, Inc.
> September 12, 2001
> Also known as W32/Magistr.B, Win32.Magistr.B@mm and I-Worm
> For more information, please visit the Win32.Magistr.29188
> description in our Virus Encyclopedia.
> Win32/Magistr.29188 is a new variant of the
> Win32/Magistr.24876 worm/virus. This updated version of Magistr has
> some features that make it a little more evasive although at the same
> time, increasing its potential for propagating on Windows 98/NT/2000
> machines. Its core functionality remains intact - infecting Windows
> executable files, mailing out infected files over the Internet, and
> spreading itself over a local network.
> Using its own SMTP engine, the worm component is able to
> generate email using addresses from various sources - DBX (Outlook
> Express), WAB (Windows Address Book), and MBX (Eudora Address Book)
> files. The email subject/body/attachment name is constructed at random
> from .txt or .doc files found on the infected machine.
> The virus component will search a greater number of "Windows"
> directories during its infection cycle while, at the same time,
> deleting any *.NTZ files it finds. Similar to the original, a copy of
> a random file is dropped into the Windows directory, but thereafter,
> it also adds itself to the "shell=" line in the "[boot]" section in
> Many of the payloads from the original Magistr.24876,
> including erasing hard drive data and CMOS/Flash memory on Win9x
> systems, have been changed to trigger within a shorter time span upon
> being executed in this variant.
- Thank you James, it's a nasty bugger, isn't it. Too bad we couldn't locate the little useless ^%$*&^! that has nothing better to do but develop these things and take him to sea with us. From where I could he would never be seen again! Good sailors could devise all sorts of "interesting" entertainments for him till he disappeared over the side with a couple of roundshot at his dirty little feet!
I remain................
Commodore Bob
HMS Intrepid
- A post can be deleted from the archive, but as far as I know only
by the person who posted it. So Commodore Bob, if you go to the
archive and pull up your post with the virus, I think you can delete
that post, so no one accidentally gets the virus from the archive. I
deleted a post once. I don't remember exactly how I did it, but it
did work and it seemed pretty intuitive.
HM Sloope Sharke (20)
--- In Bolitho@y..., "blademaster01757" <jjts01757@y...> wrote:
> You do know I hope that there is a copy of this damned thing right
> here in the group archives. Hopefully no one will accidentally open the
> bloody thing. Is there any way we can delete it or is that something
> that only our absentee admiral/moderator can do?
- My dear Lt DK,
Your recommendation has been duly executed. The message containing the
"bug", is no more!
I thank you for your advice.
> A post can be deleted from the archive, but as far as I know only
> by the person who posted it. So Commodore Bob, if you go to the
> archive and pull up your post with the virus, I think you can delete
> that post, so no one accidentally gets the virus from the archive. I
> deleted a post once. I don't remember exactly how I did it, but it
> did work and it seemed pretty intuitive.
> Midshipman DK
> HM Sloope Sharke (20)